Integrity breaches and the future of cybercrime

Internet Service Providers (ISPs) and app developers have no doubt moved quickly in recent years to encrypt their traffic in response to user concerns about cybercrime such as privacy, identity theft and digital fraud.

With the mainstream media attention that digital privacy issues have received over the last few years, it’s not a surprise to see data encryption on the increase. It is becoming a vital step for businesses looking to protect sensitive data belonging to them and their customers against the growing threat of cyber-attacks.

Recent reports claim that at least 70 per cent of global internet traffic will be encrypted by the end of 2016, according to the Global Internet Phenomena Spotlight by Sandvine, with many networks predicted to exceed 80 per cent.

Breaches will happen

As a security specialist, I applaud this trend towards data encryption. But it’s important to stress that companies still have to ensure that they are encrypting their own data and protecting customer data fully.

What we call “first-level security”, protecting the perimeter, is no longer sufficient to repel hackers and companies should not kid themselves on this. Hackers increasingly have the ability to breach company perimeters and encryption adds that necessary extra layer, by focusing on protecting the most important aspect: the data. It’s vitally important for businesses to do a data risk assessment, to generate an understanding of what the key, mission-critical, data is, by department and division, and what the risks are if it is compromised or changed. By being aware of this, it is possible to protect the integrity of the data that is most valuable to the business.

However, this can only be achieved if companies ensure encryption is factored into every stage of the supply chain and implement an end-to-end solution that protects the data from start to finish.

Data in transit, for example, needs to be encrypted, both by the ISPs and companies themselves, as it is always at risk of being intercepted by anybody with access to the network or the physical media used by it. No matter how strong your security protocols and how secure you think your corporate network is, there are always ways for hackers to gain access. Hence, encrypting your data is the only way of truly protecting it.

Once this is in place, the focus then switches to strong management of the encryption keys and the introduction of two-factor authentication. These keys are designed to only allow data access to authorised users for them to have the ability to unlock that encryption. Two-factor authentication adds that extra layer needed to ensure access to the data is as secure as possible.

If companies fail to do this and leave the keys out in the open in software, they put their own and their customers' encrypted data at risk. After all, you wouldn’t lock up your house when going away on holiday and then carelessly throw your house keys under the doormat for any passers-by to see. Would you?

Sophisticated hacks and integrity breaches

Cyber-criminals are becoming far more sophisticated in the ways in which they can extract cash from data, and while our recent Breach Level Index report showed that there are fewer attacks aiming to obtain financial and banking data, we are seeing more cases of malicious actors looking for any weak point to gain access and grab data the business may not realise is being targeted.

There is a clearly identifiable shift in the types and sophistication of cyber-attacks that companies need to protect themselves from. One of the next major trends will be “integrity-based” attacks – which means that hackers will attempt to manipulate a company’s data to their advantage, but in ways in which will not be immediately apparent.

For example, if you consider IoT-enabled farming methods, farmers and manufacturers are now able to measure and monitor the soil and crop quality in different fields and, on a bigger scale, across regions and countries. This data is incredibly useful in terms of accurately predicting the crop yield per unit area of land cultivation, hence its value to global commodity markets. But consider what might happen if this data is hacked?

If a threat actor was able to access and manipulate this type of soil quality data to their advantage, changing it in ways which didn’t seem to be too suspicious, a stock-market-playing cyber-criminal could well make some fast and dirty cash, as the company’s value rises based on false data.

Most integrity breaches go unnoticed

Companies use this type of data to make vitally important commercial decisions. Consider, as another example, if a hacker was able to manipulate a major retailer’s sales figures so that the company thought it was doing particularly well with certain products. The retailer would then place considerably more orders for those products, with the view that sales will increase and therefore the bottom line as well.

There are many other such examples of how hackers might be able to cleverly manipulate commercial data to their advantage in ways that were not immediately obvious. The important point is to understand that most of these types of integrity breaches will go unnoticed until long after they – and the business decisions made based upon them – occur. By which time, it’s way too late and the damage has been done.

So while our latest Breach Level Index report showed that theft of identities and personal information still accounts for 53 per cent of data breaches, we do expect to see more occurrences of other kinds of data integrity breaches in the future.

As the likelihood of attacks increases, CIOs and CSOs need to make sure they’re overlooking all areas of business data use and understand where their data is at all times. Protecting against these attacks is vital to ensure customer trust and loyalty in the organisation. As we’ve seen with the most recent high-profile breaches, damage to reputation can be significant and lead to a lack of customer confidence in that brand.

This is why CIOs and CSO have to employ the latest security techniques in encryption, key management and two-factor authentication to protect the data and the access to it. Once these are in place the extra-layer approach should provide the barrier to stop a company being the next high profile victim of an attack.